Synopsis
Listen to talk about computer forensic analysis, techniques, methodology, tool reviews and more.
Episodes
-
DFSP # 275 - dotNET
25/05/2021 Duration: 09min
This week I tackle .NET. It is an ecosystem that is associated with malicious PowerShell activity.
-
DFSP # 274 - Powershell Revisited
18/05/2021 Duration: 17min
This week I revisited PowerShell from a process fast triage context.
-
DFSP # 273 - CSA Cloud Threats 3
11/05/2021 Duration: 12min
This week is about the top threats to cloud computing.
-
DFSP # 272 - 4688
04/05/2021 Duration: 16min
This week I continue with the fast triage method for processes with a focus on historical records.
-
DFSP # 271 - DREAD and STRIDE
27/04/2021 Duration: 13min
This week I cover threat modeling from a DFIR point-of-view. It provides a standard framework to classify and rate the severity of vulnerabilities discovered during investigations.
-
DFSP # 270 - CAPEC
20/04/2021 Duration: 11min
This week I run through a threat intel resource you may use for standardized attack information.
-
DFSP # 269 - Svchost Revisited
13/04/2021 Duration: 18min
This week I revisit Svchost and the triage methods to apply.
-
DFSP # 268 - CSA Cloud Threats 2
06/04/2021 Duration: 19min
This week is about the top threats to cloud computing.
-
DFSP # 267 - Sunscreen
30/03/2021 Duration: 14min
This week is a case study that demonstrates the power behind IR fundamental methodology.
-
DFSP # 266 - Windows non-core processes
23/03/2021 Duration: 18min
This week I continue with the fast triage method for processes with a focus on, well, everything else!
-
DFSP # 265 - CSA Cloud Threats 1
16/03/2021 Duration: 19min
This week is about the top threats to cloud computing.
-
DFSP # 264 - Golden SAML
09/03/2021 Duration: 12min
This week is about preparing for Golden SAML attacks for both Incident Response and Threat Hunting.
-
DFSP # 263 - Threat Hunt with Statistics
02/03/2021 Duration: 25min
This week is about applying basic statistical analysis to threat hunting. The results are effective!
-
DFSP # 262 - Security Theatre
23/02/2021 Duration: 17min
This week is about theatrics in security and how to avoid the trap.
-
DFSP # 261 - Wincore Processes Revisited part 2
16/02/2021 Duration: 15min
This week I revisit Windows Core Processes and the triage methods to apply to them.
-
DFSP # 260 - Learn from the Red Team
09/02/2021 Duration: 14min
This week I talk about VulnHub, a free resource to practice ethical hacking skills and sharpen your DFIR skills.
-
DFSP # 259 - Wincore Processes Revisited part 1
02/02/2021 Duration: 20min
This week I revisit Windows Core Processes and the triage methods to apply to them.
-
DFSP # 258 - Network Triage Part 4
26/01/2021 Duration: 15min
This week is the fourth part of the Network-Fast-Triage mini-series. In this installment I cover triage techniques for Windows event logs that record blocked network activity.
-
DFSP # 257 - Supply Chain Attacks
19/01/2021 Duration: 17min
This week is about supply chain security posture from a DFIR point-of-view.
-
DFSP # 256 - Kernel Process Masquerading
12/01/2021 Duration: 09min
This week I go over a method to detect kernel process masquerading on Linux systems.